blob: 81fe8cca76bfb9d8781de17afdb29ffae66f22b4 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200509-02">
<title>Gnumeric: Heap overflow in the included PCRE library</title>
Gnumeric is vulnerable to a heap overflow, possibly leading to the
execution of arbitrary code.
<product type="ebuild">Gnumeric</product>
<announced>September 03, 2005</announced>
<revised>September 03, 2005: 01</revised>
<package name="app-office/gnumeric" auto="yes" arch="*">
<unaffected range="ge">1.4.3-r2</unaffected>
<vulnerable range="lt">1.4.3-r2</vulnerable>
The Gnumeric spreadsheet is a versatile application developed as
part of the GNOME Office project. libpcre is a library providing
functions for Perl-compatible regular expressions.
Gnumeric contains a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17).
<impact type="normal">
An attacker could potentially exploit this vulnerability by
tricking a user into opening a specially crafted spreadsheet, which
could lead to the execution of arbitrary code with the privileges of
the user running Gnumeric.
There is no known workaround at this time.
All Gnumeric users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-office/gnumeric-1.4.3-r2&quot;</code>
<uri link="">CAN-2005-2491</uri>
<uri link="/security/en/glsa/glsa-200508-17.xml">GLSA 200508-17</uri>
<metadata tag="requester" timestamp="Fri, 02 Sep 2005 07:34:06 +0000">
<metadata tag="bugReady" timestamp="Fri, 02 Sep 2005 08:27:17 +0000">
<metadata tag="submitter" timestamp="Fri, 02 Sep 2005 15:23:09 +0000">